| commit | ea2a460cf68b6d16a3b379842e91c0bdf942ca16 | |
| author | Aleksey Kliger (λgeek) <alklig@microsoft.com> | |
| Fri, 4 Oct 2019 05:17:49 +0000 (4 01:17 -0400) | ||
| committer | Alexis Christoforides <alexis@thenull.net> | |
| Fri, 4 Oct 2019 05:17:49 +0000 (4 01:17 -0400) | ||
| tree | 71869526068ef2ce8e32aa3dad264e59aa60b30c | treesnapshot (tar.gz zip) |
| parent | 8c1ef74bb125bf49d6b1e3f2e80ac235adb27bd8 | commitdiff |
[merp] Don't overrun buffer in copy_summary_string_safe … (#17176)
* [merp] Don't overrun buffer in copy_summary_string_safe
MonoFrameSummary:str_destr is an array of MONO_MAX_SUMMARY_NAME_LEN bytes, not
MONO_MAX_SUMMARY_NAME_LEN + 1 bytes.
Fixes Coverity CID 1454563
* [merp] Use g_strlcpy for copy_summary_string_safe
Fixes Coverity CID 1454563
We would sometimes write to MonoSummaryFrame:str_descr which is
MONO_MAX_SUMMARY_NAME_LEN bytes long at index MONO_MAX_SUMMARY_NAME_LEN which
is one past the end of the array.
* nit: rename confusing parameter names
old names were confusing - we were copying from 'out' to 'in'. Now we copy to
'dest' from 'src'
* [merp] Don't overrun buffer in copy_summary_string_safe
MonoFrameSummary:str_destr is an array of MONO_MAX_SUMMARY_NAME_LEN bytes, not
MONO_MAX_SUMMARY_NAME_LEN + 1 bytes.
Fixes Coverity CID 1454563
* [merp] Use g_strlcpy for copy_summary_string_safe
Fixes Coverity CID 1454563
We would sometimes write to MonoSummaryFrame:str_descr which is
MONO_MAX_SUMMARY_NAME_LEN bytes long at index MONO_MAX_SUMMARY_NAME_LEN which
is one past the end of the array.
* nit: rename confusing parameter names
old names were confusing - we were copying from 'out' to 'in'. Now we copy to
'dest' from 'src'
| mono/mini/mini-exceptions.c | diffblobblamehistory |